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DETAILED ACTION 

1 . The amendment filed on 25 September 2006 has been noted and made of record. 

2. Claims 1-37 have been presented for examination. 

Response to Arguments 

3. Applicant's arguments filed 25 September 2006 have been fully considered but they are 
not persuasive. 

4. In response to applicant's arguments regarding the 35 U.S.C. 101 rejection of claims 1- 
36, the recitation apparatus and system have not been given patentable weight because the 
recitation occurs in the preamble. A preamble is generally not accorded any patentable weight 
where it merely recites the purpose of a process or the intended use of a structure, and where the 
body of the claim does not depend on the preamble for completeness but, instead, the process 
steps or structural limitations are able to stand alone. See In re Hirao, 535 F.2d 67, 190 
USPQ 15 (CCPA 1976) and Kropa v. Robie, 187 F.2d 150, 152, 88 USPQ 478, 481 (CCPA 
1951). 

5. Applicant's arguments regarding the 35 U.S.C. 101 rejection of claims 1-36 fail to 
comply with 37 CFR 1 . 1 1 1(b) because they amount to a general allegation that the claims define 
a patentable invention without specifically pointing out how the language of the claims is 
statutory. 

6. In response to the Applicant's arguments regarding the 35 U.S.C. 1 12 2 nd paragraph 
rejection, the Examiner disagrees. As noted in the previous action, as well as below, the 
Applicant provides for several claim limitations including a filter, an Internet serer application, a 
filter server application all of which are disclosed in the Specification as being computer 
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programs or lines of code. Computer programs, lines of code, applets, servlets, applications, and 
other examples of code are merely non-functional descriptive material since they are not claimed 
as being embodied on a physical medium or being executed or acted upon. Therefore, the 
rejection under 35 U.S.C. 1 12 2 nd paragraph is maintained. 

7. In response to the Applicant's arguments that Cook does not disclose the buyer digitally 

signing something, the Examiner respectfully disagrees. As the Applicant will note in the 

previous office action, as well as again below, the Examiner also cited column 6, lines 17-28 in 

rejecting the previously presented claim since it was unclear where the signing took place. As 

such column 6, lines 17-28 of Cook states: 

Member 10 makes appropriate selections from the available choices of aliases, retrieves a 
time stamp, generates a digital signature and attaches the signature to the collective 
information. Once digitally signed, charge slip 114 (the collective information including 
time stamp certificate) is encrypted and returned to the merchant Web site 106.. . 

As such, Cook discloses wherein the buyer digitally signs the collective information, thereby 

teaching the Applicant's amended claim and the rejection maintained. 

8. Applicant's arguments regarding "identifying those HTTP requests from a buyer that 
include data requiring a digital signature of the buyer" fail to comply with 37 CFR 1 .1 1 1(b) 
because they amount to a general allegation that the claims define a patentable invention without 
specifically pointing out how the language of the claims patentably distinguishes them from the 
references. 

9. In response to the applicant's arguments that the Cook fails to show creating a Web page 
the Examiner disagrees. As cited below, and as well as the previous action, Figure 2 of Cook 
discloses a web page for invoking the buyer to digitally sign the charge receipt. As such, Cook 
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teaches create a Web page for transmission to a browser controlled by the buyer, said Web page 
causing the browser to invoke a signing interface enabling the buyer to digitally sign the data. 

10. In response to applicant's argument that the references fail to show certain features of 
applicant's invention, it is noted that the features upon which applicant relies, such as a 
description of the signing interface, are not recited in the rejected claims. Although the claims 
are interpreted in light of the specification, limitations from the specification are not read into the 
claims. See In re Van Geuns, 988 F.2d 1 181, 26 USPQ2d 1057 (Fed. Cir. 1993). The Examiner 
has interpreted the signing interface to be anything that allows the buyer to digitally sign the 
collective information as discussed earlier. 

11. In response to the applicant's arguments that Cook does not disclose identifying those 
HTTP requests that require a service provided by an entity other than the seller and that 
"identifying" implies decision-making, the Examiner disagrees. First, the Examiner is not 
concerned with what is implied by the terminology used in the claims, but what they state 
outright. The Examiner is required to give the claims their broadest reasonable interpretation 
thereby reducing the possibility that the claim, once issued, would be interpreted more broadly 
than is justified. See MPEP §2111. Cook discloses identifying HTTP requests that require a 
digital signature as cited below, since Cook discusses digitally signing all HTTP requests in the 
instant application. 

12. In response to the Applicant's arguments that the reference does not disclose coupled to 
the Web application and also located at the seller's web site, an interface module adapted to 
receive requests for service from the web application, format, and transmit the requests, receive 
responses to the requests and forward responses to the web application, the Examiner disagrees. 
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As cited in the previous action, and again below, Cook discloses an application coupled to the 
seller's web site as illustrated in at least figures 1 and 3 that the centralized secure data center is 
coupled to seller's web server. 

13. In response to applicant's argument that the references fail to show certain features of 
applicant's invention, it is noted that the features upon which applicant relies, such as the buyer 
digitally signing anything (with regards to claim 1), are not recited in the rejected claims. 
Although the claims are interpreted in light of the specification, limitations from the specification 
are not read into the claims. See In re Van Geuns, 988 F.2d 1 181, 26 USPQ2d 1057 (Fed. Cir. 
1993). 

14. In response to applicant's arguments against the references individually, one cannot show 
nonobviousness by attacking references individually where the rejections are based on 
combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re 
Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). 

15. In response to the applicant's arguments that Cook does not disclose identifying those 
HTTP requests that require a service provided by an entity other than the seller and that 
"identifying" implies decision-making, the Examiner disagrees. First, the Examiner is not 
concerned with what is implied by the terminology used in the claims, but what they state 
outright. The Examiner is required to give the claims their broadest reasonable interpretation 
thereby reducing the possibility that the claim, once issued, would be interpreted more broadly 
than is justified. See MPEP §2111. SET discloses identifying HTTP requests that require a 
digital signature as cited below, since SET discusses digitally signing all HTTP requests in the 
instant application. 
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16. Applicants arguments fail to comply with 37 CFR 1 . 1 1 1 (b) because they amount to a 
general allegation that the claims define a patentable invention without specifically pointing out 
how the language of the claims patentably distinguishes them from the references. 

17. See further rejections that follow. 

Claim Rejections - 35 USC § 101 

18. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

19. As per claims 1-36, merely claimed as a computer program representing a computer 
listing per se 9 that is, descriptions or expressions of such a program and that is, descriptive 
material per se, non-functional descriptive material, and is not statutory because it is not a 
physical "thing" nor a statutory process, as there are not "acts" being performed. Such claimed 
computer programs do not define any structural and functional interrelationships between the 
computer program and other claimed aspects of the invention which permit the computer 
program's functionality to be realized. Since a computer program is merely a set of instructions 
capable of being executed by a computer, the program itself is not a process, without the 
computer-readable medium needed to realize the computer program's functionality. In contrast, 
a claimed computer-readable medium encoded with a computer program defines structural and 
functional interrelationships between the computer program and the medium which permit the 
computer program's functionality to be realized, and is thus statutory. Warmerdam, 33 F.3d at 
1361, 31 USPQ2d at 1760. In re Sarkar, 588 F.2d 1330, 1333, 200 USPQ 132, 137 (CCPA 
1978). See MPEP § 2106(IV)(B)(l)(a). 



Application/Control Number: 09/657,604 Page 7 

Art Unit: 2131 

20. As per claims 1-36, the Applicant claims integrating a sellers web site with a public key 
infrastructure, wherein the public key infrastructure comprises a buyer computer having a Web 
browser adapted to invoke a signing interface to digitally sign electronic messages, which is an 
Applet as disclosed on page 8 of the Spec. The claim proceeds to claim a seller's bank computer 
system adapted to receive service requests from the seller and to respond to those requests and 
the seller's Web site comprises a filter adapted to redirect HTTP requests received from the Web 
browser, wherein the filter is implemented using Microsoft Internet Server Application 
Programming Interface according to page 10 of the specification. Sample code for implementing 
the filter is shown in figure 4. The next limitation discloses coupled to the filter, an Internet 
server application adapted to receive a redirected HTTP request from the filter and to process the 
redirected HTTP requests, which is disclosed as a servlet or defined as a Internet server 
application on page 10 of the specification, and is further elaborated upon on pages 11-14 and 
Figure 5. Finally, the Applicant claims coupled to the Internet server application, a filter engine 
adapted to receive the processed HTTP request and to identify an HTTP request that contains 
data requiring a digital signature by the buyer computer, which is defined as a public class object 
that extends java.lang.Object on pages 15-16. 

Claim Rejections - 35 USC § 112 

21 . The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

22. Claims 1-16, 23-25, 28, 29, and 31-34 are rejected under 35 U.S.C. 112, second 
paragraph, as being incomplete for omitting essential structural cooperative relationships of 
elements, such omission amounting to a gap between the necessary structural connections. See 
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MPEP § 2172.01. The omitted structural cooperative relationships are: the filter, the Internet 
server application and the filter engine. The Applicant discloses an apparatus, but fails to 
provide any tangible embodiments of the filter, the Internet server application, and the filter 
engine as discussed above with respect to the 35 U.S.C. 101 rejection. 

Claim Rejections 

23. The text of those sections of Title 35, U.S. Code not included in this action can be found 
in a prior Office action. 

24. Claim 37 is rejected under 35 U.S.C. 102(e) as being anticipated by U.S. Patent No. 
6,675,153 to Cook et aL, hereinafter Cook. 

25. As per claim 37, Cook teaches an apparatus for integrating a seller's Web site with a 
public key infrastructure, said apparatus comprising: 

a Web server located at the seller's Web site, see figures 1, blocks 106, 108, 3, blocks 
1 06, 1 08, see also column 4, lines 42-46, column 5, lines 11-31; 

a Web application coupled to the Web server and also located at the seller's Web site, the 
Web application adapted to: 

identify those HTTP requests from a buyer that include data requiring a digital signature 
of the buyer, see figures 1, block 1 16, 2, blocks 1 14, 1 18, see column 1, line 62 to column 2, line 
6, column 5, lines 11-31, column 6, lines 17-28, column 7, line 37 to column 9, line 22; 

create a Web page for transmission to a browser controlled by the buyer said Web page 
causing the browser to invoke a signing interface enabling the buyer to digitally sign the data, 
see figures 1, block 1 16, 2, blocks 1 14, 118, see column 1, line 62 to column 2, line 6, column 5, 
lines 11-31, column 6, lines 17-28, column 7, line 37 to column 9, line 22; and 
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identify HTTP requests that require a service provided by an entity other than the seller, 
see figures 1, blocks 102, 104, 3, blocks 102, 104, as well as column 11, line 60 to column 12, 
line 40; and 

coupled to the Web application and also located at the seller's Web site, an interface 
module adapted to receive a request for service from the Web application, format and transmit 
the request, receive a response to the request, and forward the response to the Web application, 
see figure 1, blocks 102, 104, 3 blocks 102, 104, as well as column 4, lines 56-64, column 9, line 
23 to column 10, line 8. 

26. Claims 1- 3, 5-9, 23-25, 28, 29, and 31-34 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over SET as taught by U.S. Patent No. 6,327,578 to Linehan, hereinafter referred to 
as SET, in view of U.S. Patent No. 5,717,989 to Tozzoli et al., hereinafter Tozzoli. 

27. As per claim 1, SET teaches an apparatus for integrating a seller's Web site with a public 
key infrastructure, wherein: 

the public key infrastructure comprises a buyer computer having a Web browser adapted - 
to invoke a signing interface to digitally sign electronic messages and a seller's bank computer 
system adapted to receive service requests from the seller and respond to those requests with 
digitally signed service responses comprising, see figure 1, see also column 3, lines 15-23, i.e. 
while on the internet, "the merchant's computer 104 forwards the consumer's payment request 
over internet path 122 during a second step to an acquirer gateway 106 operating on behalf of the 
acquirer bank 108"; the seller's Web site comprises: 
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redirecting HTTP requests received from the Web browser, see figure 1 , see also column 
3, lines 15-23, i.e. while on the internet, "the merchant's computer 104 forwards the consumer's 
payment request over internet path 122 during a second step to an acquirer gateway 106 
operating on behalf of the acquirer bank 108"; 

coupled to the filter, an Internet server application adapted to receive a redirected HTTP 
request and process the redirected HTTP request, see figure 1, see also column 3, lines 23-32, i.e. 
'The acquirer gateway 106 passes the consumer's payment request to the acquirer bank 108 over 
a private network path 122\ The acquirer bank 108 sends the consumer's payment request to the 
card issuing bank 112 over the private network path 124 to check whether the consumer's credit 
or debit card account is active and sufficient for the proposed transaction with the merchant. The 
issuing bank 112, as the card issuer, authorizes the transaction in a message sent over the private 
path 126 to the acquiring bank 108. The acquiring bank 108 sends the transaction authorization 
over private path 128' to the acquirer gateway 106, signing the message with the acquiring 
bank's digital signature"; 

coupled to the Internet server application, a filter engine adapted to receive processed 
HTTP requests from the Internet server application and to identify HTTP requests that contains 
data requiring a digital signature by the buyer computer, see figure 1 and column 3, lines 32-39, 
i.e. "The acquirer gateway 106 forwards it over the internet path 128 to the merchant, authorizing 
from the merchant to proceed with the transaction. Once the merchant has received the 
transaction authorization from the acquirer gateway 106, the merchant completes the sales 
transaction with the consumer." 

28. SET does not disclose the use of a filter or filter engine. 
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29. Tozzoli discusses the use of filtering when processing transactions over the Internet. It 
would have been obvious to one of ordinary skill in the art at the time the invention was made to 
include filtering, since Tozzoli discloses in column 11, lines 52-57 that such a modification 
allows the merchant to verify and access data fields quickly and process the order accurately. 

30. Regarding claim 2 5 SET discloses a bank interface adapted to receive the request and 
transmitting the request to the seller's bank in figure 1, blocks 106, 122', and 142', as well as 
column 3, lines 13-47. 

3 1 . Tozzoli discloses the filter engine and reformatting the request in figures 3a-3c, column 
7, line 42 to column 8, line 3, column 11, lines 52-58, and column 12, line 64 to column 13, line 
4. 

32. With regards to claim 3, SET teaches wherein the bank interface is further adapted to 
receive a service response to the request from the seller's bank and forward the response to the 
filter engine, see figure 1, as well as column 3, lines 13-47. 

33. Regarding claim 5, Tozzoli teaches a Web server adapted to parse requests redirected by 
the filter, see figure 5, as well as column 7, line 53 to column 8, line 12. 

34. Regarding claim 6, SET teaches wherein services provided by the sellers bank are 
provided within the context of a four-corner model, see figure 1 . 
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35. With regards to claim 7, SET teaches wherein the four-corner model comprises the buyer, 
the seller, the seller's bank, and a buyer's bank, see figure 1, where the buyer is the consumer, 
block 102, the seller is the merchant, block 104, the seller's bank is the acquiring bank, block 
108, and the buyer's bank is the issuing bank, block 1 12. 

36. Regarding claim 8, neither SET nor Tozzoli disclose wherein the filter is implemented 
using ISAPI. 

37. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to implement the filter using ISAPI, since it has been held that ISAPI is an easy-to- 
use, high performance interface for back-end applications and has significant performance 
advantages over the CGI specification, such as having its own dynamic-link library. 

38. Regarding claim 9, SET teaches wherein the Internet service application is adapted to 
generate HTTP responses based on data received from the filter engine, see column 3, lines 13- 
47. 

39. Regarding claim 23, Tozzoli and SET do not teach wherein the filter engine determines 
whether an HTTP request contains data requiring signature by applying filtering rules. 

40. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to have the filter engine determine if the data required a signature, since SET discloses 
at column 3, lines 32-47 that such a modification would ensure that the transaction was 
authorized by the appropriate user. 
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41 . Regarding claim 24, Tozzoli and SET do not teach wherein the filter engine is 
programmed to recognize each HTTP request that includes data requiring signature. 

42. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to have the filter engine recognize that the data has a digital signature, since SET 
discloses at column 3, lines 32-47 that such a modification would ensure that the transaction was 
authorized by the appropriate user. 

43. Regarding claim 25, Tozzoli and SET do not teach wherein the filter engine is 
programmed to recognize HTTP requests transmitted by the Web browser that have been 
modified to include a special tag that indicates whether the request includes data that requires 
signature. 

44. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to have the filter engine recognize special tags that indicate the request for a digital 
signature, since SET discloses at column 3, lines 32-47 that such a modification would ensure 
that the transaction was authorized by the appropriate user. 

45. Regarding claim 28, neither SET nor Tozzoli teach wherein the filter engine provides an 
abstracted front-end interface via java remote method invocation. 

46. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made for the filter to comprise of an abstracted front-end, since it has been held that an 
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abstracted front-end is an easy-to-use, high performance interface for linking to back-end 
applications. 

47. Regarding claim 29, Tozzoli teaches wherein the filter engine employs a rules class, see 
column 11, line 52 to column 12, line 11. 

48. Regarding claim 3 1 , neither SET nor Tozzoli teach wherein the bank interface is 
designed with a plug-in based architecture. 

49. Linehan discloses wherein the bank interface is designed with a plug-in based 
architecture. It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to design the bank interface with a plug-in based architecture, since Linehan 
discloses at column 9, lines 3-28 that such a modification would allow the bank to operate with 
foreign consumers. 

50. Regarding claim 32, SET and Tozzoli do not teach wherein the bank interface supports 
an abstract front-end interface to allow communication via a plurality of middleware 
technologies. 

51. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made for the filter to comprise of an abstracted front-end, since it has been held that an 
abstracted front-end is an easy-to-use, high performance interface for interacting with 
middleware from a plurality of vendors. 
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52. Regarding claim 33, SET teaches wherein the bank interface is adapted to create and 
transmit OCSP requests, see column 3, lines 25-47. 

53. Regarding claim 34, SET teaches wherein the bank interface comprises a certificate 
status check module, see column 3, lines 25-47. 

54. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over SET in view of 
Tozzoli as applied to claim 2 above, and further in view of Linehan. 

55. With regards to claim 4, SET does not disclose wherein the service is certificate 
validation of a buyer digital certificate. 

56. Linehan discloses certificate validation. It would have been obvious to one of ordinary 
skill in the art at the time the invention was made to include certificate validation, since Linehan 
states at column 4, lines 23-44 that such a modification would serve to validate that the payment 
was authorized by the card holder. 

57. Claims 10-16 are rejected under 35 U.S.C. 103(a) as being unpatentable over SET in 
view of Tozzoli as applied to claim 1 above, and further in view of U.S. Patent No. 6,052,785 to 
Lin et al., hereinafter Lin. 

58. Regarding claim 10, neither SET nor Tozzoli disclose wherein the Internet server 
application is adapted to pass a hash table to the filter engine. 

59. Lin teaches wherein the Internet server application is adapted to pass a hash table to the 
filter engine. It would have been obvious to one of ordinary skill in the art at the time the 
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invention was made to have the server application pass a hash table to the filter engine, since Lin 
discloses at column 8, lines 43-56 that such a modification supports authentication, which is 
necessary to prevent fraudulent transactions. 

60. With regards to claim 11, Lin teaches wherein the hash table comprises the headers from 
the redirected HTTP request, see figure 3, as well as column 8, line 51 to column 9, line 17. 

61 . With regards to claim 12, Lin teaches wherein the hash table comprises the method of the 
redirected HTTP request, see figure 3, as well as column 8, line 51 to column 9, line 17. 

62. With regards to claim 13, Lin teaches wherein the hash table comprises the content-type 
of the redirected HTTP request, see figure 3, as well as column 8, line 51 to column 9, line 17. 

63. With regards to claim 14, Lin teaches wherein the hash table comprises the buyer 
computer's IP address, see figure 3, as well as column 8, line 51 to column 9, line 17. 

64. With regards to claim 1 5, Lin teaches wherein the hash table comprises the actual data in 
the redirected HTTP request, see figure 3, as well as column 8, line 51 to column 9, line 17. 

65. With regards to claim 16, Lin teaches wherein the hash table comprises a unique session 
ID, see figure 3, as well as column 8, line 51 to column 9, line 17. 
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Conclusion 

66. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 . 1 36(a). 

67. A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 

CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

68. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christian La Forgia whose telephone number is (571) 272-3792. 
The examiner can normally be reached on Monday thru Thursday 7-5. 

69. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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70. Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Christian LaForgia ^ . 
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